—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco IOS and IOS XE Software DHCP Version 4 Relay Denial of Service Vulnerability

Advisory ID: cisco-sa-20180328-dhcpr3

Revision: 1.0

For Public Release: 2018 March 28 16:00 GMT

Last Updated: 2018 March 28 16:00 GMT

CVE ID(s): CVE-2018-0174

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+———————————————————————

Summary
=======
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr3 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr3”]
This advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682”].

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJau71dXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczREAP/iYuh1rQkVxSDTxUXqYqueDqxJBW
diHy0eFG4YHgT2KqAtVYCLToPNRmTcO+AyN5+CwWIgdnYgUC/89F2sgezz7q8obI
A1nfr5PunZ3mfNnSu9qPubVC/qSLQw1sBDdnYUJMS4STEcW7QRXyNTiPGdphUMAj
1ra+lSq1jLLgWVZ1k8WwEgzSyd8Ev/bIRGOdHdQlVzbtSrwmkT/OA2giHZeVPWJl
kXpUDB/rJYoUj4poLj5acpPjYKL7t8IfZlcvQq+kJfx3SGNPId64eVZpyIaZYivA
TwPyNqbprjHVvuWjcT9aDBNJOX551RoPFgpNruUYkyy9kTZKOYkKxJT3d/tD4R9c
rdaH/0LZgcJOlvsUtGIfPI2O1XgGIUyMDpgupvIxUpGksiBzjaykivOWr2wNfoOo
VZ13GfEPBtNykNPfeIq0t0alIX7t/BRpns9q2POTQaivI9ioArMk4ts8vjvjN87H
m763l1XNq67pus0Q3Ip2fSOkzGzA01M6qftWpbo6EiVknkjYjxHj3o5wrL0C+V5G
AjUEvD0Iodppszp9RDzivhJ4iglhefyZwPQkUpfzE/0SQ05yP62fd8ax4GJ/tIHZ
1ZsJ645Crp06bAloC+dqR8WxtICk8dm4tIPAOHT4NvvRHCSmZd99ChW9/EicM/rA
hk21Nhb2oX7hPxDV
=lhQ7
—–END PGP SIGNATURE—–

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco IOS and IOS XE Software DHCP Version 4 Relay Reply Denial of Service Vulnerability

Advisory ID: cisco-sa-20180328-dhcpr2

Revision: 1.0

For Public Release: 2018 March 28 16:00 GMT

Last Updated: 2018 March 28 16:00 GMT

CVE ID(s): CVE-2018-0173

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+———————————————————————

Summary
=======
A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

The vulnerability exists because the affected software performs incomplete input validation of encapsulated option 82 information that it receives in DHCPOFFER messages from DHCPv4 servers. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device, which the device would then forward to a DHCPv4 server. When the affected software processes the option 82 information that is encapsulated in the response from the server, an error could occur. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr2 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr2”]
This advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682”].

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco IOS and IOS XE Software DHCP Version 4 Relay Heap Overflow Denial of Service Vulnerability

Advisory ID: cisco-sa-20180328-dhcpr1

Revision: 1.0

For Public Release: 2018 March 28 16:00 GMT

Last Updated: 2018 March 28 16:00 GMT

CVE ID(s): CVE-2018-0172

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+———————————————————————

Summary
=======
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause a heap overflow condition on the affected device, which will cause the device to reload and result in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr1 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr1”]
This advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682”].